A mailgate for Postfix to encrypt incoming and outgoing email with S/MIME and/or OpenPGP and decrypt OpenPGP-encrypted emails
Piotr F. Mieszkowski 881a8d1756 Add GnuPG encryption support for addresses with delimiters
If a user registers their key for address alice@example.com but receives a
message sent to alice+something@example.com, this message should be encrypted
as well.

- Implement delimiter support for GnuPG encryption.

- Add E2E test case for a clear text message delivered to an address with
delimiter.

- Fix minor bug: wrong configuration parameter was retrieved when logging
information about enc_domain_keymap being active.
2022-06-08 21:20:58 +02:00
cron_templates All mails from cron script are now passed through the GPG-Mailgate so they are encrypted if possible. 2015-06-04 20:13:04 +02:00
doc Update testing documentation 2022-04-23 13:13:57 +02:00
GnuPG Add E2E case: a user with a key and PGP/MIME configured 2022-05-30 00:49:40 +02:00
gpg-mailgate-web Remove leftover .read() call 2022-05-14 11:26:49 +02:00
lacre Extract delimiter support, add unit tests 2022-06-07 22:14:32 +02:00
register_templates Inform the user if registration failed because GPG-Mailgate-Web could not be reached. 2015-06-04 21:52:39 +02:00
test Add GnuPG encryption support for addresses with delimiters 2022-06-08 21:20:58 +02:00
.gitignore Ignore random_seed 2022-01-10 17:47:23 +01:00
gpg-lacre-logging.conf.sample Explain syslog logging better in sample logging config 2022-05-13 21:57:29 +02:00
gpg-mailgate.conf.sample Update sample config 2022-05-14 11:40:20 +02:00
gpg-mailgate.py Add GnuPG encryption support for addresses with delimiters 2022-06-08 21:20:58 +02:00
INSTALL.md Update installation instructions, add sample logging config 2022-05-11 19:15:59 +02:00
LICENSE Update license to GNU GPL v3. 2013-10-02 14:27:28 -04:00
Makefile Finish migration to SQLAlchemy and automate testing cron.py 2022-04-23 13:08:40 +02:00
README.md Few typos fixed. 2021-04-20 17:43:01 -03:00
register-handler.py Use Lacre logging and configuration in register-handler 2022-05-06 20:13:23 +02:00

GPG Lacre Project

Fork and continuation of the original work of the gpg-mailgate project: https://github.com/fkrone/gpg-mailgate

GPG Lacre (wax seal in Portuguese) is a content filter for Postfix that automatically encrypts unencrypted incoming email using PGP or S/MIME for select recipients. This project is the continuation of the work of "gpg-mailgate" on providing open source, GnuPG-based encryption for emails at rest. All incoming emails are automatically encrypted with the user's public key before they are saved on the server. It is a server-side encryption solution, while control of the encryption keys is fully in the hands of the end user and private keys are never stored on the server.

The scope of the project is to improve on the already existing code, provide an easy-to-use key upload system (standalone as well as a Roundcube plugin) and key discoverability. Besides providing a solution that is easy to use, we will also provide easy-to-digest material about encryption, how it works and how to make use of it in situations other than just mailbox encryption. Understanding how encryption works is the key to self-determination and is therefore an important part of the project.

GPG Lacre will be battle tested on the email infrastructure of https://disroot.org (an ethical non-profit service provider).


The work on this project in 2021 is funded by https://nlnet.nl/thema/NGIZeroPET.html for which we are very thankful.

The scope of the work for 2021 is:

  • Rewrite code to python3
  • Improve standalone key upload website
  • Provide Roundcube plugin for key management
  • Improve key server features
  • Provide website with information and tutorials on how to use GPG in general and also Lacre
  • (Optional) provide Autocrypt support

Made possible thanks to:


For installation instructions, please refer to the included INSTALL file.


Features

  • Correctly displays attachments and general email content; currently will only display first part of multipart messages
  • Public keys are stored in a dedicated gpg-home-directory
  • Encrypts both matching incoming and outgoing mail (this means gpg-mailgate can be used to encrypt outgoing mail for software that doesn't support PGP or S/MIME)
  • Decrypts PGP encrypted mails for present private keys (but no signature check and it does not always work with PGP/INLINE encrypted mails)
  • Easy installation
  • gpg-mailgate-web extension is a web interface allowing any user to upload PGP keys so that emails sent to them from your mail server will be encrypted (see gpg-mailgate-web directory for details)
  • people can submit their public key to gpg-mailgate with the gpg-mailgate-web extension, just as they would to any keyserver
  • people can send an S/MIME signed email to register@yourdomain.tld to register their public key
  • people can send their public OpenPGP key as attachment or inline to register@yourdomain.tld to register it
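
How a "matching" recipient can be resolved when the address carries a delimiter, the case described in the latest commit message above (alice+something@example.com using the key registered for alice@example.com). This is an added example, not Lacre's own code: the function names, the "+" delimiter and the placeholder fingerprints are assumptions. Lookups are exact-match only, so a similar-looking address such as malice@example.com never selects alice's key.

```python
# Added illustration; all names below are hypothetical, not Lacre's API.
from typing import Dict, List, Optional, Tuple

DELIMITER = "+"  # assumed value; Postfix configures it as recipient_delimiter


def split_address(addr: str) -> Optional[Tuple[str, str]]:
    """Return (local, domain), or None for anything that is not local@domain."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return local, domain.lower()  # domains compare case-insensitively


def lookup_candidates(addr: str, delimiter: str = DELIMITER) -> List[str]:
    """Exact address first, then the address with its detail part removed."""
    parts = split_address(addr)
    if parts is None:
        return []
    local, domain = parts
    candidates = [f"{local}@{domain}"]
    base, sep, _detail = local.partition(delimiter)
    # A leading delimiter leaves no base mailbox, so there is no fallback.
    if sep and base:
        candidates.append(f"{base}@{domain}")
    return candidates


def key_for(addr: str, keymap: Dict[str, str]) -> Optional[str]:
    """Return the fingerprint registered for addr, or None (no key known)."""
    for candidate in lookup_candidates(addr):
        if candidate in keymap:  # exact match only, never substring
            return keymap[candidate]
    return None


# Constructed sample data: registered address -> placeholder fingerprint.
KEYS = {"alice@example.com": "FPR-ALICE-PLACEHOLDER",
        "alice+bank@example.com": "FPR-ALICE-BANK-PLACEHOLDER"}

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "alice+something@Example.COM",
                 "alice+bank@example.com", "malice@example.com",
                 "+alice@example.com"):
        print(rcpt, "->", key_for(rcpt, KEYS))
```

A `None` result is the case to log and monitor: it means the message would be stored in clear text for that recipient.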

This is forked from the original project at http://code.google.com/p/gpg-mailgate/

Authors

This is a combined work of many developers and contributors. We would like to pay honours to the original gpg mailbox developers for making this project happen, and for providing a solid solution for encrypting emails at rest: